Cybercrime and Business: Strategies for Global Corporate Security

manner.

Part 1

The Global Cybercrime Landscape

Chapter 1

The Global Cybercrime Industry

Abstract

Attackers, defenders, innovators, and regulators form the cybercrime network and together make up what is often referred to as the cybercrime industry. While cybercrime can originate anywhere in the world that has the infrastructure necessary to operate over the Internet, there are certain areas that are most amenable to the rise of cybercriminals. Cybercrime has a large and rapidly growing impact on businesses of all types. Even initially small-scale cyberattacks on companies can easily spin out of control to become mega-disasters. Cybercriminals do not have to attack a company directly in order to do it damage. They can cripple a business by going after the infrastructure that supports it, particularly the electric power grid, air traffic control and transportation systems, as well as commercial databases and information systems for financial institutions. The major players in the global cybercrime industry include the cybercriminals and their victims, but there are other actors as well and particularly government (and their regulations) and what we refer to as systems that allow (or prevent) cybercrime to take place.

Keywords

Cyberattacks; Threats; Regional variations; Impact on business; Infrastructure; Victims; Regulators; Open systems; Closed systems; The Cloud

Contents

1.1 Cybercrime and Cybersecurity

1.1.1 Types of Cyberattacks

1.1.2 Threats from China and Russia

1.2 The Internet and Cybercrime as an Asymmetric Threat

1.3 Cybercrime as an Industry

1.4 Location and Regional Variations of Cybercrime

1.5 The Intensity and Spread of Cybercrime

1.6 Impact on Business

1.7 Cybercrime and the Infrastructure

1.8 Relevant Actors

1.8.1 The Cybercriminals

1.8.2 The Victims

1.8.3 The Regulators

1.8.4 The Systems

References

Before we delve into the cyber risk patterns of different types of companies and their strategic options, it is useful to consider the nature of cybercrime and cybersecurity within the USA and as a global phenomena, to understand why cyber war is so different from other, more traditional types of warfare, to appreciate the nature of cybercrime as a distinct industry, to map out regional differences in the level and types of cybercriminal activity currently taking place, to consider the fundamental issues that dog businesses in today’s world of cybercrime, and, finally, to come to grips with the major actors who rose up during, and now inhabit and work within, the technical, social, and economic structures created by this digital century.

1.1 Cybercrime and Cybersecurity

Cybercrime is one of the most pressing issues facing the digital world in the 21st century. The costs incurred with the failure of computers, smartphones, tablets, and other electronic devices to prevent cybercriminals from their aggressive and increasingly sophisticated attacks are truly enormous, and growing rapidly. Cybercrime not only steals valuables—some in the form of intellectual property or trade secrets—but in doing so, it negatively impacts employment. In developed countries, cybercrime has the effect of shifting personnel away from the most high-value jobs. IntelSecurity estimates that in the USA, cybercrime has resulted in the loss of 200,000 jobs, or a 1% decrease in employment annually. A country’s economic growth then suffers. Even when the unemployed workers displaced by cybercrime find other jobs, they are not as high paying. With consumers having less money in their pockets, they spend less overall, which tends to slow down a nation’s economy.a

Despite this ever growing and highly publicized threat to businesses and to their home countries, it is not at all clear that the business community appreciates—or even cares to coldly face—the risk that confronts it [2].

Geographically, the impact of cybercrime is most prevalent in developed countries, especially the USA, the European Union—the UK has the second largest cybercrime industry after the USA—and Japan. Developing countries—China, India, Brazil, Russia, and a number of Eastern European countries—are themselves nurturing the rise of cybercriminal groups and a large and sophisticated cybercrime industry that targets the wealthier companies and organizations in North America and Europe.b

1.1.1 Types of Cyberattacks

The various types of cyberattacks are well known and will not be taken up here in any great detail.c For our purposes, it is sufficient to point out that cybercrime takes many forms, three of the most common being hacking (seeking and exploiting weaknesses in a computer system or network for profit, protest, or the challenge), phishing (stealing from computer networks of personal and other sensitive information), and spamming (posting unsolicited communication on the computer systems and networks of others). The introduction of computer viruses and other malicious software (malware) is a common way for hackers to enter into, disrupt, and steal from other computer systems. It may be a sad comfort to know that some things never change and that, fundamentally, these types of malicious digital activity result in the perpetrating of such traditional crimes as fraud, theft (of information and funds), piracy (of intellectual property), terrorism, extortion, human trafficking, pornography, and similar types of offences that have existed for centuries.

1.1.2 Threats from China and Russia

Prior to the coming of the digital age, theft of trade secrets was carried out by corporate moles or angry employees and involved the theft of physical objects, such as paper files and other types of documentation. With the coming of the digital workplace, it has become much easier to steal corporate secrets electronically and from a distance. In the 21st century, a number of recent developments have made it far easier than in the past for hackers to appropriate corporate secrets. These include the rise of the Internet and the proliferation of smartphones, iPads, and other electronic devices within the workplace. The ability of these devices to directly connect into the company’s network is of particular concern. Because these devices are not usually protected from outside attack, they are easy prey for would be hackers. The perpetrators can enter into the company network and access all its data and information by simply breaking into employees’ portable devices and use these beachheads as the jumping off point into companies’ networks allowing them to access and take strategically sensitive information without leaving evidence of their theft. Such cybercrime is becoming an increasingly common occurrence in the workplace. A growing number of company employees bring their own electronic devices to work rather than use corporate-approved devices. Close to half of US companies that allow personally owned devices to connect to the corporate network have experienced a data breach.

The fact that the theft of proprietary corporate information can take place at a distance exposes domestic companies to theft by foreign countries. In fact, US security experts and government officials say they are increasingly concerned about the theft of information by foreign companies and government agencies. Studies conducted by the US government identify China and Russia as the leading offenders of cyber espionage in the second decade of the 21st century. Hackers within these countries have become very sophisticated in their methods of operation. For example, The U.S. Chamber of Commerce, the nation’s largest business-lobbying group reported that in 2010 its employees were targeted by China-based cybercriminals who could hack into the computers of the Chamber’s member organizations. A recent trend has been the ability of the Chinese business and military to penetrate computers and mobile devices of foreign businessmen and government officials who visit China. This cybertheft of critical information has forced foreign visitors to China to adopt strategies to deflect these attempts, including leaving their computers, smartphones, and other mobile devices at home, and bring with them blank loaner devices; keeping their phones, computers and tablets close at hand and when, not using them, making sure they not only turn off the device but remove the battery to prevent them from being turned on remotely; connecting to the Internet only through an encrypted, password-protected channel; and never typing in a password directly onto a device, since Chinese hackers can surreptitiously install software devices that steals this information, without being detected.

Cybersecurity issues also have geopolitical implications. The activity of Chinese cybercriminals against US companies and government has strained relations between the two countries. In another instance, in 2013 the North Korean government launched a serious cyberattack against the South Korean banking system, thus increasing tensions between the two countries. However, issues of corporate security do not have to involve one country stealing information from another. Within the USA, UK and other countries, there are concerns that domestic government agencies, such as the National Security Administration (NSA) in the USA, are using advanced computer and communication technology to obtain personal information on their own citizens.

The growing prevalence of cloud computing, while offering greater range and efficiency to business operations, also provides cyber criminals a new tool through which they can breach company information and data networks. Rather than having to go to the considerable trouble of learning the internal workings of the computer systems of different companies, cybercriminals will be able to launch one attack on the servers storing the data of many clients in the cloud network. From here, they can access, steal, and infect the data systems of a large number of companies. Thus hackers can leverage the power of the cloud to more efficiently carry out their criminal activities. One such example involved cybercriminals using the cloud to draw off money from banks in Europe, the U.S. and South America through automated cash transfers.

While technological advances offer increased opportunities for cybercriminals to carry out their campaigns, they also create new weapons for law enforcement personnel, corporations and governments to use to prevent security breaches. These include innovative encryption and cryptographic techniques and software as well as more advanced biosensors identification systems, fraud detection software and other types of detection and prevention technology. But it is clear that as society finds new ways to heighten cybersecurity in government, industry, and the home, cybercriminals will find new ways to identify and breach weaknesses in these systems.

1.2 The Internet and Cybercrime as an Asymmetric Threat

What makes the Internet so exposed today to cyberattack is the very thing that makes it such a powerful tool in society: it is the point at which the three major modes of communication—wired, wireless, and optical—flow together. This multi-modal dynamism makes the Internet a highly alluring target to hackers and, at the same time, provides a number of ways in which they can enter and cause havoc to both public and private networks and disrupt the flow of information through them. Today …the cyber network stretches from the enterprise network and its infrastructure to wireless devices being used at the tactical end by the military, law enforcement shopper or drivers using GPS-disabled devices [2, p. 5].

Within this more complicated technological world is the additional problem that cybercrime can be seen as essentially an asymmetric threat. In contrast to traditional warfare, where attackers and defenders were on equal ground when confronting one another (attacks were met with greater defenses, leading to new ways to attack followed by even stronger protective barriers and so forth), in cybercrime, such equality between victim and perpetrator does not exist; the cybercriminal has the palpable advantage in the attack-defense game. While the Internet is more complex than ever before, hackers do not necessarily have to be deeply trained to break in. It doesn’t take a lot of capital to become a successful hacker. Anyone with a computer can be a cybercriminal, whether he or she is working for government or out of a garage. Cybercrime can be carried out from virtually anywhere in the world and it is fairly easy for cybercriminals to cover their tracks. Attacks travel through multiple waypoints that cleverly hide the origins and even trajectory of the invaders’ itinerary. Once the attacker gets into a target network, then the infiltrator can …move quickly, slowly or lie dormant, depending on the nature of the victim’s network and intruder’s intent. As the speed of information through networks increases, the perpetrator gains the initiative. The hacker can take full advantage of the speed of hardware, software and communications technology upgrades to expedite attack vectors. The defender is continuously in a game of catchup. Then too, the growing use of open source technology eases the way for cybercriminals to become familiar with system architectures—which are essentially codified and easily learned and manipulated—of potential targets and to effectively plan and carry out their attacks [2, p. 8].

1.3 Cybercrime as an Industry

Attackers, defenders, innovators, and regulators form the cybercrime network and together make up what is often referred to as the cybercrime industry. The study of cybercrime as a global industry is still in its infancy. The topic of cybercrime itself has only recently come into view as a developing, coherent economic entity. Much like any other recognized industrial sector, the global cybercrime industry has its sellers (those who create hardware and software that are the tools for carrying out cybercriminal acti?vities), buyers (individuals and countries that purchase such hardware and software for the purpose of actually carrying out cybercriminal activities), and distribution systems (which in this case works under the regulatory radar). There is also an intense competitive dynamic at work in the cybercrime industry—a type of creative destruction—which acts not only between suppliers of the tools of cybercrime, but also involves those who purchase these tools to gain advantage over their competitors, otherwise known as victims. If companies cannot keep up with the technological and strategic advances of the cybercriminals, they suffer economically. If, for example, Company A in some industry can steal intellectual property from its competitor Company B through the use of a new type of microchip either internally developed or purchased (or otherwise obtained) from a third party, then Company A gains a competitive advantage over Company B because of technological